NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Managing the Security of Information Exchanges

Published

Author(s)

Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid

Abstract

An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged also requires the same or similar level of protection as it moves from one organization to another (protection commensurate with risk). This publication focuses on managing the protection of the information being exchanged or accessed before, during, and after the exchange, and provides guidance on identifying information exchanges, considerations for protecting exchanged information, and the agreement(s) needed to help manage the risk associated with exchanging information. This publication does not provide implementation guidance on any particular type of technology-basd connection or information access or exchange method. Organizations are expected to tailor the guidance to meet specific organizational needs and requirements regarding the information exchange.
Citation
Special Publication (NIST SP) - 800-47rev1
Report Number
800-47rev1
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-47r1
Local Download

Keywords

agreements, connection, information exchange, information exchange agreement, interconnection, interconnection security agreement, memoranda of agreement, memoranda of understanding, nondisclosure agreement, protection requirements, risk management, service level agreement, user agreement.
Risk management, Information technology and Cybersecurity and privacy

Citation

Dempsey, K. , Pillitteri, V. and Regenscheid, A. (2021), Managing the Security of Information Exchanges, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-47r1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932582 (Accessed October 1, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 20, 2021, Updated November 29, 2022
Was this page helpful?